A new zero-day vulnerability (CVE-2018-15982) has been discovered in Adobe Flash Player and is being exploited as part of a targeted phishing campaign. The campaign appears to have been targeting Russian state healthcare institutions.
The zero-day exploit was spotted last week inside malicious Microsoft Office documents which were submitted to VirusTotal from a Ukrainian IP address.
The malicious Microsoft Office documents contain an embedded Flash ActiveX object in their header that renders when the user opens the document, triggering the reported Flash Player vulnerability.
How does the exploit work?
According to the researchers, the final payload is neither in the Microsoft Office file nor in the Flash exploit embedded in it.
Instead, the final payload is inside an image file (scan042.jpg), which is itself an archive, packed together with the Microsoft Office file inside a parent WinRAR archive. The WinRAR archive is then distributed through phishing emails.
Upon opening the document, the Flash exploit executes a command on the system to unarchive the image file and run the final payload, backup.exe, which has been protected with VMProtect (a mechanism meant to block efforts at reverse engineering and analysis).
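The chain above rests on two things a scanner can check without running anything: a file whose name says "image" but whose bytes say "archive" (as with scan042.jpg), and an Office document carrying an embedded Flash object. The following is an added example, not code from the article or from the researchers; the magic-byte signatures are the public ones for each format, and the sample files are constructed stand-ins, not real malware.

```python
# Added example: flag content/extension mismatches and embedded Flash (SWF) objects.
# File names, sample bytes and the assess() helper are all constructed for this demo.

MAGIC = {
    b"Rar!\x1a\x07\x00": "rar4",
    b"Rar!\x1a\x07\x01\x00": "rar5",
    b"\xff\xd8\xff": "jpeg",
    b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1": "ole2",  # legacy .doc/.xls/.ppt container
    b"PK\x03\x04": "zip",                         # also OOXML .docx/.xlsx
}
SWF_SIGS = (b"FWS", b"CWS", b"ZWS")  # uncompressed, zlib- and LZMA-compressed SWF
IMAGE_EXT = {"jpg", "jpeg", "png", "gif"}

def sniff(data: bytes) -> str:
    """Identify the container type from its leading bytes, ignoring the extension."""
    for magic, name in MAGIC.items():
        if data.startswith(magic):
            return name
    return "unknown"

def embedded_swf(data: bytes) -> bool:
    """Look for an SWF header (3-byte signature + 1-byte version) anywhere in the blob.
    This works on raw OLE2 streams; OOXML (zip) entries would need inflating first."""
    for sig in SWF_SIGS:
        idx = data.find(sig)
        while idx != -1:
            if idx + 8 <= len(data) and 1 <= data[idx + 3] <= 40:
                return True
            idx = data.find(sig, idx + 1)
    return False

def assess(filename: str, data: bytes) -> list[str]:
    ext = filename.rsplit(".", 1)[-1].lower()
    kind = sniff(data)
    findings = []
    if ext in IMAGE_EXT and kind in ("rar4", "rar5", "zip"):
        findings.append(f"{filename}: extension says image but content is a {kind} archive")
    if kind == "ole2" and embedded_swf(data):
        findings.append(f"{filename}: Office container embeds a Flash (SWF) object")
    return findings

# Constructed samples: an archive disguised as a picture, a real JPEG header,
# an OLE2 document with an SWF header inside, and a plain OLE2 document.
SAMPLES = {
    "scan042.jpg": b"Rar!\x1a\x07\x00" + b"\x00" * 32,
    "photo.jpg": b"\xff\xd8\xff\xe0" + b"\x00" * 32,
    "invoice.doc": b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1" + b"\x00" * 16 + b"CWS\x0f\x10\x00\x00\x00" + b"\x00" * 8,
    "report.doc": b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1" + b"\x00" * 32,
}

def scan_all(samples=SAMPLES) -> list[str]:
    out = []
    for name, blob in samples.items():
        out.extend(assess(name, blob))
    return out

if __name__ == "__main__":
    for line in scan_all():
        print(line)
```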
The backdoor is programmed to:
– Monitor user activity (keyboard input and mouse movement)
– Collect system information and send it to a remote command-and-control (C&C) server
– Execute shellcode
– Load a PE file in memory
– Download files
– Execute code, and
The vulnerability affects Adobe Flash Player versions 18.104.22.168 and earlier for Flash Player Desktop Runtime and for Flash Player in Google Chrome, Microsoft Edge and Internet Explorer 11. Adobe Flash Player Installer versions 22.214.171.124 and earlier are also affected.
Adobe has issued a patch to address CVE-2018-15982. Users and administrators are advised to test and install the patch as soon as possible.
Comments from Ankush Johar, Director at Infosec Ventures, an organisation that provides complete infrastructure security solutions for commercial and government clients of all sizes:
Adobe Flash Player is one of the most exploited products as it is one of the most widely used. Hence, users are advised to always keep an eye on Adobe Flash Player updates and to disable automatic Flash Player execution in their browsers and other software such as Microsoft Office.
Although this vulnerability has just been announced, it is not known for how long it has been out in the open. It is possible that certain malicious hackers might already be exploiting this since time unknown. Privacy today is an Urban Legend and time after time such revelations simply prove the same.
Security of an individual is in his own hands and the only way to stay secure is to stay vigilant and suspicious about every email, link and message one gets on the internet.
One cannot protect oneself from files with zero-day exploits once they get inside your device; however, you can take the precautions below to ensure that the malware doesn't get into your system in the first place:
– Install a good, trusted antivirus with a valid license.
– Keep an eye out for fake/fraudulent phishing emails that might be trying to convince you to visit a link or download something by scaring you or luring you with discounts, offers or prizes.
– Never download software from untrusted sources such as pirated websites, blogs, torrents etc., as they mostly contain some kind of malware. Only download from official websites.
– Never click on unknown links and attachments in emails.
– Be aware of any social engineering tactics that can be used by hackers to steal data.
– Never leave your system unattended.
– Do not connect to unknown WiFi networks.
– Use two-factor authentication wherever possible.
– If you are running an organization, train your employees and make them aware of common phishing attacks. Hackers often target employees in order to gain confidential information about the company.
2014 The Global Indian New Network (TGINN)